How will ISO
9001:2000 affect auditors?
The radical nature of changes to ISO 9000 has helped raise the profile of the standard, however, with changes come challenges. Peter Lomas of Lloyd's Register Quality Quality Assurance (LRQA), explores how the new standard impacts on the role of the quality auditor
Previous versions of ISO 9000 were considered by many to be a bureaucratic set of procedures used as a tool for early detection of production line errors. The system was not recognised as a real guarantee of a high quality product or service. In practice there was often little synergy between business and quality objectives.
The successive changes to the standard throughout the late 1980s and 1990s did little to persuade its critics that it had relevance outside the manufacturing sector. However, it has survived where other management schemes and standards, have been downgraded in value and forgotten.
ISO 9001:2000 is now a fully-fledged business management tool enabling organisations to coordinate their key business processes and other standards more easily.
The changes place greater emphasis on the business and provide a non-prescriptive framework for organisations that want a management system which can be used to address customer satisfaction, by meeting customer regulatory requirements.
Involvement from the top
The issues surrounding quality management have, in recent years, been increasingly elevated to the boardroom. Today quality management is seen as a strategic issue. It makes sense that ISO 9001:2000 helps to direct this emphasis on the board, by introducing a requirement for demonstration of leadership by senior management.
It has always been top management who have provided direction for business in terms of devising strategy, setting targets and objectives. And it should be self evident that leadership of the quality system from the top improves the system and in turn the products.
Impact on the auditor
What impact have these changes had on top management involvement and the role of internal auditors? ISO 9001:2000 has fundamentally changed the role of the quality auditor. Auditors are now expected to audit processes for effectiveness, achievement of quality objectives and targets, while before they simply had to check compliance against written procedures.
Trainers on ISO 9000:1994 courses typically told delegates that if there was not a documented procedure, they couldn't audit. However, one of the major differences between the 1994 and 2000 versions is in the reduction in the need for documented procedures. This enables other methods of procedure establishment to be used through training, input/output controls, completion of standard forms and computer driven processes.
It takes a broad level of skill and an enquiring mind to question systems and processes that are not described in a written procedure. Analysis of audit findings is not ticking off processes on a list of requirements. Now the auditor must truly evaluate data and the information they are given, and decide how effective the process is at delivering customer and business requirements.
Auditor reports should also reflect the changes introduced by ISO
9001:2000. Business managers want to know that their management system
tells them what their customers want, and that their system is accurately
measuring customer satisfaction.
The auditor is expected to produce a summary that gives the headline
findings and highlight any finding that indicates a business risk.
This summary should be short, current, valuable, and written in plain
language. Moreover, while the manager will not want to read all of
the audit details they will want to know that they are available.
This influences the content and style of training courses, which should have been revised and updated to reflect the changes to ISO 9000. Most significantly, training needs to take into account developing delegates' knowledge of auditing as a management tool.
However, here is the difficulty. Training providers cannot assume
delegates have knowledge of business issues. We therefore need to
provide much of this information for them.
LRQA adapted its pre-course learning to give delegates an introduction
to business management and how this relates to quality management.
This for example incorporates the role that customer satisfaction
surveys play, the setting of objectives and targets, etc.
For some auditors, particularly those in senior positions it may only mean an adjustment in their style to take into account the change in requirements. However, for many others it could mean significant changes in the direction of auditing, the need to develop new skills and knowledge, a greater confidence in interfacing with all levels within the company and a wider understanding of the business environment in which the company operates.
Your future in your hands
Changes to ISO 9000 have had the effect of shifting the emphasis from simply learning the mechanics of auditing, to understanding what goes into making an effective audit process. This is shown by the change in approach to ISO 9001:2000 training events. More delegate participation is required to give a practical approach and the use of pre-course materials.
It would also be fair to say that the responsibility for personal development has shifted more squarely onto the shoulders of the delegates themselves and those that are successful on the lead auditor course are those that took the time to prepare and have a higher level of general business knowledge.
About the author
Peter Lomas is the systems development manager at LRQA. Prior to this,
he was manager of the LRQA training business in the UK for over eight
years. During this time he was involved in the introduction of EMS
training into the business and in the implementation of training industry
best practice in quality training. Before joining LRQA, Peter was
quality consultant for British Coal where he gained an insight into
the client perspective. Peter is a member of the Chartered Institute
of Personnel Development and a member of the IRCA technical committee.
Lloyd's Register Quality Assurance (LRQA) is a leading certification body and provides a range of management systems certification and training in the areas of quality, environmental, information security, occupational health and safety and beyond. For further information click www.lrqa.co.uk
|
|
 |
|
 |
 |
 |
|
 |
|
 |
|